DeGette Questions Equifax on Massive Data Breach

Sep 12, 2017

Press Release

Washington, D.C. – Congresswoman Diana DeGette (D-CO) and her Democratic colleagues on the Energy and Commerce Committee today sent a letter to Equifax Chairman and CEO Richard Smith seeking more information about the massive data breach that has compromised the sensitive personal information of approximately 143 million Americans. DeGette, the Ranking Member on the Oversight and Investigations subcommittee, and the other members asked what Equifax is doing to make consumers whole, how the breach occurred, and how the company plans to safeguard against security breaches in the future. They also expressed concern that it took Equifax more than a month to disclose the data breach to the public, and that consumers continue to report difficulties they face in merely getting information about whether their personal data was compromised.

“Your company profits from collecting highly sensitive personal information from American consumers—it should take seriously its responsibility to keep data safe and to inform consumers when its protections fail,” the members wrote to Equifax CEO Richard Smith.

“We are writing with serious concerns about the immense scale of this data breach, and we have a number of questions about whether Equifax took appropriate steps to safeguard the personal information of consumers,” the Democratic Committee members continued in their letter. “We also have concerns about the amount of time it took for Equifax to notify the public of the breach and about the way Equifax is providing information to consumers.”

Almost immediately after Equifax announced the breach, consumers reported a number of problems with the website where people were directed to go to determine if their information was compromised. People who checked the site on both their mobile device and a computer received different results. False information entered into the fields also provided the same result as real information.

With an Energy and Commerce hearing expected either later this month or in October, the members have requested answers to a series of questions prior to the hearing, including:

Why did it take Equifax more than a month to announce this massive data breach?

How did Equifax determine that offering credit monitoring services for one year – provided by Equifax itself – would be adequate to make consumers whole?

How much money per year would an affected customer pay Equifax to extend the “complimentary” credit monitoring services beyond one year? How much money would Equifax make after one year on credit monitoring services that would be unnecessary but for Equifax’s failure to safeguard consumer data?

What measures is Equifax implementing after the event to improve the protection of consumer information residing on its network?

What measures is the company taking to investigate the sale of stock in the aftermath of the company’s discovery of the data breach, including whether these or other executives sought to delay the announcement of the data breach?

What measures, other than offering credit monitoring services and identity theft protection, is Equifax taking to mitigate harm to consumers?